Microsoft Rushing Out Fix For Animated Cursor Vulnerability

Microsoft is preparing an emergency fix for the Serious Vulnerability Affects All Recent Windows Versions and hopes to have it ready for April 3, 2007.

The Microsoft Security Response Center blog reports:

From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat. Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday April 3, 2007.

I want to note that we are testing still and will be up until the release, to ensure the highest quality possible. So, it’s possible that we will find an issue that will force us to delay the release. If we do find an issue, though, we will let you know through the MSRC weblog as soon as we know.

I’m sure one question in people’s minds is how we’re able to release an update for this issue so quickly. I mentioned on Friday that this issue was first brought to us in late December 2006 and we’ve been working on our investigation and a security update since then. This update was previously scheduled for release as part of the April monthly release on April 10, 2007. Due to the increased risk to customers from these latest attacks, we were able to expedite our testing to ensure an update is ready for broad distribution sooner than April 10.

I don’t know, it sounds like the cure might be worse than the illness. I’ll be watching this one from the sidelines and won’t grab the update until very late in the day if at all. In the mean time I’m staying away from non-trusted sites on my Windows machines. You should do the same.

[Latest on security update for Microsoft Security Advisory 935423]

[tags]Microsoft Windows, Vista, Windows XP, Microsoft, Animated Cursor, security[/tags]